A deep Reinforcement Learning approach to Modelling an Intrusion detection system Using asynchronous advantage Actor-Critic Algorithm

Abstract

With the increasing development and use of the internet, cyber-attacks have evolved and more novel attacks with devastating effects are witnessed. The existing Intrusion Detection System (IDS) has not achieved maximum performance due to high false positives and low detection rates which causes low detection accuracies. The aim of the study was to determine the effectiveness of IDS by using the Asynchronous Advantage Actor-Critic (A3C) algorithm to address the current shortcomings. The objectives of the study were: To determine the effectiveness of using the Asynchronous Advantage Actor-Critic algorithm in anomaly detection; To develop an Intrusion Detection System model, based on Asynchronous Advantage Actor-Critic (A3C) Algorithm; To evaluate the performance of the model developed. The theoretical framework adopted was informed by Computational Learning and Machine Learning theories. The study used a quantitative research approach and experimental research design. The secondary data used for evaluation in this study was the University of New South Wales Network Based 2015 (UNSW-NB15) dataset which was purposively selected as it is a well-established benchmark network intrusion simulation dataset. The dataset contained the UNSW-NB15_TRAIN and UNSW-NB15_TEST sets which were selected and utilized in the study. The records selected were 175,341 records to form the training subset and 82,332 records for the testing subset among the original 2,218,761 records. The UNSW-NB15 dataset was preprocessed to ensure quality results and all features of the dataset were used in the experiment. The method employed in analysis for this study was by using predictive analytics where the model’s prediction ability was evaluated and hence the performance rated. The results of this study showed that the capabilities of the A3C algorithm in intrusion detection could perform better as seen in other fields like robotics in automation. From the experiment, the model achieved an accuracy of 93.8%, precision of 92.2% and recall of 95.7% with the compute resource use being average. The experiments showed that the agents quickly learned the optimal policy and maintains the policy until the end of the experiment. The study concludes by pointing out that with the accuracy attained, the learning capabilities of the model can still be increased by fine-tuning it so that it discovers new policies quickly as this is essential to attaining a higher accuracy rate. A recommendation made based on the study was that A3C can be adopted in intrusion detection because of the accuracy of detection and low resource consumption. More research can be done on the adoption of A3C in IDSs by using more training data as this could further improve the model performance.